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DETAILED ACTION 

1 . This office action is in response to the communication filed on 12/12/2003. 

2. Claims 1-20 are pending and presented for examination. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Chen et al. (Flexible control of a parallelism in a multiprocessor PC router, hereafter 
Chen) and further in view of applicant's admitted prior art (Background of the 
application, hereafter AAPA), and Venkatanarayan et al. (US 2005/0044221, hereafter 
Venkatanarayan) and Shneyderman et al/ (Mobile VPNs for next generation GPRS and 
UMTS networks, hereafter Shneyderman). 

5. For claim 1 , Chen discloses a method of allocating processing capacity of system 
processing units in an extranet gateway, the method comprising the steps of: 
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establishing a first initial expected available bandwidth of a first of the system 
processing units; establishing a second initial expected available bandwidth of a second 
of the system processing units (4.1, par. 2, different CPUs have their own processing 
speeds that is related to their throughput or bandwidth, 5.2, par. 2, e.g. a CPU can 
forward 239,234 packets per second); and 

Chen does not explicitly disclose: 

assigning a Virtual Private Network (VPN) tunnel to one of the first and second 
system processing units for processing 

However, AAPA discloses the same (AAPA, [0010], assigning tunnels to 
processing units) 

Chen-AAPA does not disclose by assessing current available bandwidths of the 
first and second system processing units; 

However, Venkatanarayan discloses by assessing current available bandwidths 
of the first and second system processing units (fig. 2, [0017] line 11, use load 
balancing algorithm to select a port with the most available bandwidth for forwarding 
packets), 

Chen-AAPA-Venkatanarayan does not disclose: 

the current available bandwidths being determined by assessing the initial 
expected available bandwidth for that system processing unit as decremented by other 
processing requirements for that system processing unit; 

However, Shneyderman discloses the current available bandwidths being 
determined by assessing the initial expected available bandwidth for that system 
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processing unit as decremented by other processing requirements for that system 
processing unit (page 7, par. 6, the current available bandwidth is the processing power 
of routing/tunneling engines available, page 7, par. 1 1 , current available resources is 
available resource of each route processor engine RPE that CPU resources can be 
preoccupied by virtual routers). 

Therefore, it would have been obvious for one skilled in the art at the time of the 
invention to combine the teachings of Chen-AAPA-Venkatanarayan-Shneyderman to 
load balance VPN tunnels to processors that has the most available resources to fully 
utilize the processing capability of the processors and therefore raise throughput level of 
VPN gateway. 

6. For claim 2, Chen-AAPA-Venkatanarayan-Shneyderman further discloses one of 
the other processing requirements comprises overhead processing requirements 
(Shneyderman, page 5 par. 1). 

7. For claim 3, Chen-AAPA-Venkatanarayan-Shneyderman further discloses one of 
the other processing requirements comprises processing requirements associated with 
other VPN tunnel assignments (Venkatanarayan, fig. 2, [0017] line 11, Shneyderman, 
page 7, last par., use load balancing algorithm to select the most available bandwidth 
processor compared to other VPN tunnels). 
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8. For claim 4, Chen-AAPA-Venkatanarayan-Shneyderman further discloses one of 
the other processing requirements comprises processing requirements associated with 
another SPU handling a VPN tunnel assignment (Venkatanarayan, fig. 2, [0017] line 11, 
Shneyderman, page 7, last par., use load balancing algorithm to select the most 
available bandwidth processor compared to processor with VPN assignments). 

9. For claim 5, Chen-AAPA-Venkatanarayan-Shneyderman further discloses the 
processing requirements associated with other VPN tunnel assignments comprise 
encapsulation and de-encapsulation processing requirements for the other VPN tunnels 
(Shneyderman, page 4, par. 3, encapsulation VPN tunnel). 

10. For claim 6, Chen-AAPA-Venkatanarayan-Shneyderman further discloses the 
processing requirements associated with other VPN tunnel assignments comprise at 
least one of encryption and de-encryption processing requirements for the other VPN 
tunnels (Shneyderman, page 9, IPSec based MVPN, par. 1, fig. 7, IPSec tunnel). 

11. For claim 7, Chen-AAPA-Venkatanarayan-Shneyderman further discloses the 
first initial expected available bandwidth is established by multiplying a first processor 
speed associated with the first system processing unit with a first conversion factor, and 
wherein the second initial expected available bandwidth is established by multiplying a 
second processor speed associated with the second system processing unit with a 
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second conversion factor (Chen, section 5.1, 5.2, a 500 Mhz processor can process up 
to 239,234 pps, the conversion factor is 500/239,234). 

12. For claim 8, Chen-AAPA-Venkatanarayan-Shneyderman further discloses the 
first conversion factor is the same as the second conversion factor (Chen, 5.1, 5.2, four 
500 Mhz CPUs have same conversion factors). 

13. For claim 9, Chen-AAPA-Venkataharayan-Shneyderman further discloses the 
first conversion factor is defined as the amount of bandwidth passable by a given 
processor per unit CPU speed (Chen, 5.1, 5.2). 

14. For claim 1 0, Chen-AAPA-Venkatanarayan-Shneyderman further discloses the 
step of assigning the VPN tunnel to one of the first and second system processing units 
comprises assigning the VPN tunnel to the system processing unit having the highest 
current available bandwidth (Venkatanarayan, fig. 2, [0017] line 11, use load balancing 
algorithm to select a port with the most available bandwidth for forwarding packets). 

15. For claim 1 1 , Chen-AAPA-Venkatanarayan-Shneyderman further discloses the 
highest current available bandwidth is based on an absolute bandwidth capacity basis 
(Venkatanarayan, fig. 2, [0017] line 11, use load balancing algorithm to select a port 
with the most available bandwidth for forwarding packets). 
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16. For claim 12, Chen-AAPA-Venkatanarayan-Shneyderman further discloses the 
highest current available bandwidth is based on a relative bandwidth capacity basis 
(Venkatanarayan, fig. 2, [0017] line 11, use load balancing algorithm to select a port 
with the most available bandwidth for forwarding packets). 

1 7. For claim 1 3, Chen-AAPA-Venkatanarayan-Shneyderman further discloses the 
step of reducing the current available bandwidth for the one of the first and second 
system processing units to which the VPN tunnel was assigned (Shneyderman, page 7, 
last par., each virtual router takes up CPU resources of a RPE, therefore reducing the 
maximum available bandwidth that CPU can support). 

18. For claim 14, the claim is rejected for the same rationale as in claim 1 . 

19. For claim 15, the claim is rejected for the same rationale as in claims 2, 3, and 4. 

20. For claim 16, the claim is rejected for the same rationale as in claim 6. 

21 . For claim 17, the claim is rejected for the same rationale as in claim 7. 

22. For claim 18, the claim is rejected for the same rationale as in claim 8. 

23. For claim 19, the claim is rejected for the same rationale as in claim 10. 

24. For claim 20, the claim is rejected for the same rationale as in claim 1 1 . 



Second rejection 
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25. Claims 1 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Chen et al. (Flexible control of a parallelism in a multiprocessor PC router, hereafter 
Chen) and further in view of applicant's admitted prior art (Background of the 
application, hereafter AAPA), and Pham etal. (US 2003/0074473, hereafter Pham) and 
Shneyderman et al. (Mobile VPNs for next generation GPRS and UMTS networks, 
hereafter Shneyderman). 

26. For claim 1 , Chen discloses a method of allocating processing capacity of system 
processing units in an extranet gateway, the method comprising the steps of: 

establishing a first initial expected available bandwidth of a first of the system 
processing units; establishing a second initial expected available bandwidth of a second 
of the system processing units (4.1, par. 2, different CPUs have their own processing 
speeds that is related to their throughput or bandwidth, 5.2, par. 2, e.g. a CPU can 
forward 239,234 packets per second); and 

Chen does not explicitly disclose: 

assigning a Virtual Private Network (VPN) tunnel to one of the first and second 
system processing units for processing 

However, AAPA discloses the same (AAPA, [0010], assigning tunnels to 
processing units) 

Chen-AAPA does not disclose by assessing current available bandwidths of the 
first and second system processing units; 
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However, Pham discloses by assessing current available bandwidths of the first 
and second system processing units (fig. 3, a plurality of processors in a VPN gateway, 
[0060], [0061], lines 1-8, [0062] lines 1-10, selection of a crypto engine (or any 
processor engine) is based on its completion time delta, or its bandwidth (time 
completing processing for a same packet size, [0056]), 

Chen-AAPA-Pham does not disclose: 

the current available bandwidths being determined by assessing the initial 
expected available bandwidth for that system processing unit as decremented by other 
processing requirements for that system processing unit; 

However, Shneyderman discloses the current available bandwidths being 
determined by assessing the initial expected available bandwidth for that system 
processing unit as decremented by other processing requirements for that system 
processing unit (page 7, par. 6, the current available bandwidth is the processing power 
of routing/tunneling engines available, page 7, par. 11, current available resources is 
available resource of each route processor engine RPE that CPU resources can be 
preoccupied by virtual routers). 

Therefore, it would have been obvious for one skilled in the art at the time of the 
invention to combine the teachings of Chen-AAPA-Pham-Shneyderman to load balance 
VPN tunnels to processors that has the most available resources to fully utilize the 
processing capability of the processors and therefore raise throughput level of VPN 
gateway. 
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27. For claim 14, the claim is rejected for the same rationale as in claim 1 . 

Conclusion 

28. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

■ Lin. US 7,117,530. 

- Shapira et al. US 2005/0237955. 

■ Gharhremani. US 7,1 16,679. 

- Chong, Jr. US 6,684,274. 

■ Maseshima et al. US 6,092, 1 1 3. 

■ Ganesan et al. US 2003/0069973. 

■ Bommareddy et al. US 6,772,226. 
• Lor et al. US 2004/0068668. 

■ Cohen. US 2002/0097736. 

■ Mathews et al. US 7, 1 1 1 ,072. 

■ McDysan. US 6,778,498. 

29. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Hieu T. Hoang whose telephone number is 571-270- 
1253. The examiner can normally be reached on Monday-Thursday, 8 a.m.-5 p.m., 
EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Bunjob Jaroenchonwanit can be reached on 571-272-3913. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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